Insane Password Policies 1
I can’t just bookmark an email in del.icio.us, so I’ll just have to quote this little gem from the SAGE list.
Theodore Tso writes:
In another real world example, the security office set some obnoxious password policy that caused passwords to be impossible to remember, and then required changing said obnoxious passwords every 30 days. But this was at a company where the traders were making bazillions of dollars every day, and rule #1 was “thou should not piss off the traders, for they make your company rich and can go find a job with the competition”. So the company hired a set of runners who were given the traders’ passwords, and every morning before the traders came in, the runners would run around to all of the trading workstations and log in the traders so they wouldn’t have to.
Which elicited from Dan Geer, “for the record, I can corroborate the above.”